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DECLARATION OF F ACT BY KERRY CHAMPION UNDER 37 C.FJL S 1.131 

I, Kerry Champion, hereby declare the following: 

1. I am the sole inventor of the invention described and claimed of U.S. Patent 
Application Serial No. 10/015,502 (hereinafter "Subject Application"), entitled 'Traffic Manager 
for Distributed Computing Environments," filed on December 1 1, 2001. 

2. I conceived of and reduced to practice the invention — as described and claimed in 
claims 1 through 68 as filed in the Subject Application (hereinafter "the claimed invention") - in 
this country before September 21, 2001. My prior conception and reduction to practice are 
evidenced by the following: 



Dated: 



By: 
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a. Attached hereto as Exhibit A is a true and correct copy of selected pages 
of PowerPoint presentation showing an implementation of a SOAP traffic manager. As 
can be seen, the SOAP traffic manager enables the exchange of SOAP messages between 
client and server programs. In addition, Ihe SOAP traffic manager enables security 
models (such as encryption/decryption and signature verification), as well as malicious 
attack protections (such as service attacks) and DMZ policy enforcement (DMZ stands 
for demilitarized zone, which is an area that exists between trusted and un trusted 
networks to provide additional levels of security). The SOAP traffic manager is shown: 
receiving a SOAP message, deteraiining whether a security rule has been defined for the 
SOAP message (based on a security policy for exchanging SOAP messages), and 
performing a security related operation on the SOAP message based on the security rule. 
I gave this presentation on September 11, 2001, as further indicated by the date in the 
lower left-hand comer of the selected pages. I prepared this presentation well in advance 
of that date. 

b. Attached hereto as Exhibit B is a true and correct copy of a "SOAP Traffic 
Manager Software Architecture Document." The purpose of this document was to enable 
one skilled in the art to implement an operational embodiment of the SOAP traffic 
manager. As can be seen, the described SOAP traffic manager enables the exchange of 
SOAP messages between client and server programs. The SOAP traffic manager, among 
other things, defines transformations (e.g., for mapping between a key or other security 
identifier used by a client program and a key or other security identifier used by a server 
program) and assigns rights for a particular SOAP interface (e.g., when a SOAP interface 
should be published or accessed by a particular individual, based on a rule associated 
with that SOAP interface). The Use Case, Logical, Deployment, and Data Views of the 
Architecture Document readily demonstrate to one skilled in the art how to implement a 
SOAP traffic manager capable of: receiving a SOAP message, determining whether a 
security rule has been defined for the SOAP message (based on a security policy for 
exchanging SOAP messages), and performing a security related operation (e.g., 
encryption/decryption, digital signature signing/verification, granting/denying interface 
publication/access, and assess whether the SOAP message constitutes a service attack) on 
the SOAP message based on the security rule. One specific example provided in the 
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Architecture Document is under section 6.1, on page 9, which describes the policy: "If 
the service Withdrawcredit is called with parameter Amount greater than 10000 then send 
mail to Admimstrator and fail request." Here, a received SOAP message is attempting to 
access the Withdrawcredit service (provided by some server) via a SOAP interface of the 
SOAP traffic manager. However, there is a rule associated with that SOAP 
message/interface which states: if the parameter Amount is greater than 10000, men 
certain operations must be performed. Ia particular, an email is sent to the Administrator, 
and the client request is failed (i.e., no access is granted to the user for that particular 
service/SOAP interface). The last noted revision date of the Architecture Document is 
September 3, 2001 (shown in European formal as "03.09.2001"). The 1999 copyright 
date is not applicable. 

c. Exhibits A and B illustrate my conception of a SOAP traffic manager as 
defined by the claimed invention, as discussed with points a and b above. 

d. Computer implemented methodologies, modules, and apparatuses are 
commonly implemented based on Block diagrams, Use Case Views, Logical Views, 
Deployment Views, and Data Views, such as those shown in Exhibits A and B. Thus, 
these diagrams and views (as well as their accompanying written description), further 
demonstrate that the claimed invention was reduced to practice before September 21, 
2001. 

e. From at least September 21, 2001 through the preparation and filing of the 
Subject Application, I diligently worked to communicate the claimed invention to a 
patent attorney for the purpose of filing a patent application, resulting in the Subject 
Application prepared and filed with due diligence. 

3. Therefore, the claimed invention was both conceived and reduced to practice 
before September 21, 2001. 
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4. T hereby declare that all statements made herein to the best of my owu knowledge 
are true and that all statements made on information and belief are believed to be true; that these 
statements were made with the knowledge that willful false statements and the like so made are 
punishable by fine and/or imprisonment under 18 U.S.C. § 1001; and that such willful statements 
may jeopardize the validity of the application or any patent issued thereon. 
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1. 



Software Architecture Document 

Introduction 

This document provides a comprehensive architectural overview of the system, using a number of different 
architectural views to depict different aspects of the system. It is intended to capture and convey the 
significant architectural decisions which have been made on die system. 
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Architectural Goals and Constraints 

Hie architecture of the Stele SOAP Traffic Manager aims to achieve the following goals: 

• Platform independence 

• DB platform independence 

• Scalability 

• Maximum re-use of 3 rd party supported components 

3. Use-Case View 




Administrator 



Traffic Manager Lteer 



4. Logical View 



Confidential 



©Stele, 1999 



Page 4 of 10 



Stele SOAP Traffic Manager 


Version: 1.0 


Software Architecture Document 


Date: 03.09.2001 


<document identified 



4.1 Main 






TrafflcManager 



4.2 Services 







Parameter 


♦getlDO : Int 
+setlD(?n ID : Int) 
+getName() : String 




* 

1 


-^elNameO : String 
♦getTypeO ; String 



Service 



-*getlnXMLO : String 
+set!nXMLGn InXML : String) 
4getOutXML<); String 
♦setOutXMIJin OutXML : String) 
+geU s Custom () : boolean 
+setIsCustom(in IsCustom : Boolean) 
+setServer{ln server : Server) 
+getServerO : Server 
^tMPararnetersQ : ArrayUstQ fParameters 

1 ^ 



c- 



I 



ServlceManager 



+findService(ln ID : int) : Service 
-HmdServicejfn Name : String, in URL : String) : Servioe 
-rtmdAIIServfcesO : ArrayUstOServices 
+addService{ln service : Service) 
+updateServfce(In service : Service) 
■KJeieteServicefln ID : int) 
+ad0^erverfm server : Server) 
mpdateServenln server : Server) 
-KteleteServerfm ID : inl) 



Server 



*getlDO:W 
+setiD(in ID : Int) 
+getNameO : String 
+setName{in Name : String) 
+getURL0: String 
+setURL(in URL : String) 
■*getWSDLLocationO : String 
+selWSDLLocatlonfin WSDLLocation : String) 



DataTraneform 



+TransformDatafw Data : String, out TransformeriData : String) ; boolean 
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4.3 Users 



User 



+getlD0 : int 
♦setiDfln ID: Int) 
tgetNameQ : String 
+setName(in Name : String) 
-tgetLoginNameO : String 
+setLogSnName(ln LoginName : String) 
+getPasswordO : String 
+setP3Ssword(tn Password : String) 
+getRo!eO : Role 
+setRo?e(in 10 : int) 
+getGfoupsO : Array Us tOfGroups 
+getService3ABowedO - ArrayUstOfServlces 



Group 



+«etlD0:int 
+setlD<in ID: bit) 
+getNameO : String 
+setName(ln Name : String) 



Role 



+getlDO:int 
+setID(ln ID : int) 
+getNameO : String 
+setName(in Name : String) 



UserManager 



+findUserBylD(ln ID : int) : User 
^ndUserByLoglnNamefln LoginName : String) : User 
♦findAlIUsersO : ArrayUstOJUsers 
+findAIIGroupsO : ArrayListOf Groups 
•HindAllRolesO : ArrayUstOfRoies 
^ddUserToGroup0n UserlD : int, in GroupiD : int) 
**ernoveUserf romGroupfln UseriD : int, in Group ID : int) 
+addUser(inout user : User) 
+deleteUser(tn ID : int) 
+addGroup(inout group : Group) 
♦deleteGroupfin ID : int) 
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4.4 Policies 



PollcyManager 



+findAIIPoadesO : ArrayUstOtPolides 
+findPol!cy(ln ID : int) : Policy 
+addPdicy(in policy : Policy) 
+updatePolicy(tn policy : Policy) 
+removePoficy(in ID : int) 



SendMaU 



3 



LogMessage 









Fail Request 







i 


Policy 




+geUD0 : int 
+setlD(in ID: int) 
+getName0 : String 
♦setNamepn Name : String) 
+getXMLTextQ : String 
■»-addCondition(in condition) 
nemoveCondftlontfn condition) 
+3ddAction(in action) 
+removaActfon(In action) 
+getConditionsO : ArrayUstOfConditons 
♦getActionsQ : ArrayUstOfActions 


1 

• 





w 


«metaclass» 
Action 




cmetadass* 
Condition 








+getName() : String 
+getParamsO : ArrayUstOfStrfngs 
+perfonm0 




+getName() : String 
+getParams() : ArrayUstOfStrlngs 
+check0 : boolean 



ServlcaEquals 



Compare 



+getOperation() : String 



5. Deployment View 



* 

Confidential 



©Stele, 1999 



* 



Page 7 of 10 



Stele SOAP Traffic Manager 


Version: 1.0 


Software Architecture Document 


Date: 03.092001 


<document identified 



6. Data View 



PK 


ID 




NAME 




SOAP NAME 




IN TRANS 




OUT TRANS 


FK1 


SERVER ID 



I 





PK 


ID 




URL 
WSDL 



rSERVp 








FK1 
FK2 


SERVICE ID 
POUCYJD 







FK1 


ID 

MAP ID 
FIND 

REPLACE 



SMI 




PK 






XML 





PK 






NAME 



The above diagram represents the tables stored in die SQL server. Description of the fields follows. 



SEKVICKS 


NAME 


Name of the service 


SAOP_NAME 


Name of the SOAP function to be called 


IN TRANS 


XSLT of the transformation to be applied to incoming requests 


OUTTRANS 


XSLT of die transformation to be applied Co results 


SERVER_ID 


Foreign key in die table SERVERS 




SEKYEKS 


URL 


URL of the SOAP interface (HTTP transport assumed for demo, in final version this 
table will be enhanced) 


WSDL 


URL of the WSDL document describing the service 
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XML 



Contains description of the policy in XML format For a detailed description of the 
format follows. 



6.1 Policy definition format 

For the definition of policies XML-based format will be used The following example describes the policy "If the 
service WithdrawCredit is called with parameter Amount greater than 10000 then send mail to Administrator and 
fail request 



<conditiona> 

<cond name=*ServiceEquals*> 

<param value="WithdrawCredit"/> 
</cond> 

<cond name=" Compare" op«"gt l '> 
<parara value=*Amount 0 /> 
<param values* 10 OOO 0 /> 
</cond> 
<ccnditions> 
<actions> 

<action name=' , SendMail ,, > 

<param value^'Adminlstrator'A This is a role chacked in the LDAP 



<action name=*PailRequest <r > 

<param values "http: //server .com/anmiount_not_al lowed. xml*7> Source for 
returned XML result 

</action> 
</actions> 



For the prototype the supported conditions and actions and their syntax and parameters are described below, 
ftf.f Conditions 

Sfimgs ™me equal* * specific service 

<cond name="ServiceEguaXa , '> 

<parara value«"nanie_to_matcli"/> 

</cond> 



Parameter fparaml fool lvalue! 





equals 


It 


less than 


gt 


greater than 


contains 


contains 



<cond name»* Compare* op=*op*> op = eq | It j qt | contains 
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< pa ram value « " Par am^to^campare* / > 
<param valuer "Valua_to_coiBpar a* /> 
</cond> 



6,1.2 Actions 

S^dmaqtQ [person] 



<action name= w SendMail*> 

<parara value* "person* /> This is a role chacked in the LDAP 
</action> 



Fain Ksqassl 



<action name=**FailRequest*> 

<param value^http: //server. com/ ammount_not_al lowed. xml*/> Source for 
returned XML result 
</action> 



Storc message in Log 



<action nameo'LogMessage^ 
Text to store in log 
</action> 



• 
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